making the X.509 infrastructure available for OpenPGP

Robert J. Hansen rjh at
Thu Feb 6 15:26:33 CET 2014

On 2/6/2014 7:32 AM, MFPA wrote:
> Really not that interesting. It is possible for CAs to be used with
> OpenPGP, but OpenPGP doesn't _need_ CAs.

Quite the contrary.  If there are no CAs, then no certificate possesses
any validity.

Don't confuse "OpenPGP doesn't need *external* CAs" with "OpenPGP
doesn't need CAs."  You are your own certificate authority in OpenPGP;
remove yourself as a certificate authority and no certificate will
possess any validity.

More information about the Gnupg-users mailing list